Setup moves the expensive hardware to a single trusted server.

The encryption that we rely on to secure network transactions is based on a simple computational challenge: it's hard to find two prime numbers when you're only given the big number that they produce when multiplied. Although the growth in computer processing power means we've needed to shift to bigger numbers, we can continue to do so as needed. This leaves eavesdropping as the biggest risk; to secure communication, each partner needs to get a copy of the relevant keys. If someone can break in on the key distribution process, they save themselves the need to do any math.

Quantum key distribution (QKD) is intended to be a way around this problem. By exchanging bits encoded in a quantum system, typically a single photon, two parties can generate a shared secret key that can then be used to encrypt communications. If anyone tries to eavesdrop on the exchange, their measurement disturbs the photons and leaves a mark on the process (an elevated error rate in the resulting key) that's easy to spot. (We have a more detailed description of the process in a past article.)

So far, QKD has largely remained a research project, although some progress is being made. Just last week, some researchers from Los Alamos National Lab described a system they've had working for almost two years. It's not especially novel (which is why it actually works), but it uses some clever tricks to shift most of the burden to a central server while putting less expensive hardware into the clients.

The basic idea behind the Los Alamos solution is that creating single photons for use in the key distribution has become relatively easy, and it can be done on inexpensive hardware. So the team built a bit of hardware slightly larger than a house key. It contains a true random number generator to set the bits it transmits and a single-photon source to produce them and send them directly into an optical fiber.

In contrast, detectors sensitive enough to register individual photons tend to be expensive and bulky, so the authors used only one set of detectors, hooked up to a trusted server that, in traditional cryptography parlance, gets a name (Trent, in this case). Trent measured the individual bits coming in from each transmitter and then publicly disclosed which ones it had detected, so the client could discard the rest. If the remaining bits showed no sign of interference with the transmission (the kind an eavesdropper's measurements would cause), Trent used them to build a key, which it and the transmitter could then use to encrypt data sent over normal channels.
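The exchange described in the last two paragraphs, from random bit generation at the client through Trent's public announcement of what it detected to the check for interference, simulated as an added example. This is not the Los Alamos team's code, and it stands in for the quantum channel classically. It assumes two conjugate polarization bases, a channel whose only source of errors is an intercept-resend eavesdropper, a detection-probability parameter to model fiber loss, and an 11% abort threshold, which is a commonly cited bound for BB84 rather than a figure from the paper.

```python
"""BB84-style key sifting between a client transmitter and Trent, the single
trusted receiver, with an optional intercept-resend eavesdropper.

Added example written for this page; not the Los Alamos code. The quantum
channel is modelled classically. Assumptions: two conjugate bases, a lossy
but otherwise noiseless channel (every error comes from Eve), and an 11%
abort threshold, a commonly cited BB84 bound rather than the paper's value.
"""
import random

BASES = ("+", "x")   # rectilinear and diagonal polarization bases
ABORT_QBER = 0.11    # assumed threshold above which Trent discards the run


def measure(bit, prep_basis, meas_basis, rng):
    # Same basis: the outcome is the encoded bit. Conjugate basis: the outcome
    # is a coin flip and the photon is left in the measuring basis, so the
    # original encoding is destroyed. That disturbance is what exposes Eve.
    return bit if prep_basis == meas_basis else rng.randrange(2)


def run_session(n_pulses, eavesdrop=False, detect_prob=1.0, seed=None):
    rng = random.Random(seed)

    # Client: its true random number generator picks a bit and a basis per pulse.
    bits = [rng.randrange(2) for _ in range(n_pulses)]
    bases = [rng.choice(BASES) for _ in range(n_pulses)]

    # Channel: Eve, if present, measures every pulse in a random basis and
    # re-sends what she saw (intercept-resend).
    ch_bits, ch_bases = bits, bases
    if eavesdrop:
        eve_bases = [rng.choice(BASES) for _ in range(n_pulses)]
        ch_bits = [measure(b, pb, eb, rng)
                   for b, pb, eb in zip(bits, bases, eve_bases)]
        ch_bases = eve_bases

    # Trent: picks a basis per pulse; only some pulses produce a detector click.
    trent_bases = [rng.choice(BASES) for _ in range(n_pulses)]
    detected = [i for i in range(n_pulses) if rng.random() < detect_prob]
    results = {i: measure(ch_bits[i], ch_bases[i], trent_bases[i], rng)
               for i in detected}

    # Sifting: Trent publicly announces which pulses it detected and in which
    # basis. Both sides keep only the positions where the bases matched; the
    # bit values themselves never cross the public channel.
    keep = [i for i in detected if trent_bases[i] == bases[i]]
    client_key = [bits[i] for i in keep]
    trent_key = [results[i] for i in keep]

    # Error estimation: a random quarter of the sifted bits is compared in
    # public and then discarded; the mismatch rate is the quantum bit error
    # rate (QBER).
    if len(keep) < 8:
        raise ValueError("too few sifted bits to estimate the error rate")
    sample = set(rng.sample(range(len(keep)), k=len(keep) // 4))
    errors = sum(client_key[i] != trent_key[i] for i in sample)
    qber = errors / len(sample)
    client_final = [b for i, b in enumerate(client_key) if i not in sample]
    trent_final = [b for i, b in enumerate(trent_key) if i not in sample]
    return {"sifted": len(keep), "qber": qber,
            "client_key": client_final, "trent_key": trent_final}


def negotiate(n_pulses, **kw):
    """Trent's decision: abort on a suspicious error rate, else keep the key."""
    s = run_session(n_pulses, **kw)
    if s["qber"] > ABORT_QBER:
        return None, s["qber"]
    return s["trent_key"], s["qber"]


if __name__ == "__main__":
    for eve in (False, True):
        key, qber = negotiate(4000, eavesdrop=eve, detect_prob=0.5, seed=1)
        status = "aborted" if key is None else f"{len(key)}-bit key"
        print(f"eavesdropper={eve}: QBER={qber:.3f}, {status}")
```

Without an eavesdropper the sifted keys agree with zero errors; with Eve measuring every pulse in a random basis, about a quarter of the sifted bits disagree, far above the threshold, and Trent discards the run. In this model fiber loss only shrinks the sifted key and never raises the error rate, which is why Trent can announce which pulses it detected without helping an attacker.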

The best part is that it all works. One of the nodes successfully negotiated keys over a 50 km fiber optic link, and when the fiber isn't being used to negotiate keys, it can carry regular network traffic. Trent easily handled three nodes at the same time, and the authors estimate that by scaling up the hardware they could get Trent to exchange keys with up to 1,000 clients.

In most circumstances, this sort of network topology—individual clients connected to a single server—isn't the sort of communication that most of us engage in. Still, the authors note that this is exactly the sort of thing electric utilities need in order to have a centralized control system talk to various grid components.

The system could still be used to set up encryption between two clients that want to talk directly to each other. If each client negotiates a set of three keys with Trent, then Trent can publicly reveal enough information for the two clients to compute a shared key, without either key ever crossing the public channel. (Basically, Trent announces the bitwise XOR of the two clients' keys; each client combines that value with its own key to recover the other's. Trent itself knows both keys, which is why the scheme depends on the server being trusted.)
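The relay step in the parenthetical above, as an added example that is not the paper's code. It assumes the standard trusted-relay construction in which Trent broadcasts the bitwise XOR of the two clients' key segments, fixed 32-byte segments, and the convention that the pair adopts Bob's segment as its session key; the key bytes are constructed with the standard library's secrets module as stand-ins for QKD output.

```python
"""Trent-mediated key relay for two clients that each share a QKD-derived
key with Trent but not with each other.

Added example for this page, not the Los Alamos code. Assumes the standard
trusted-relay construction (Trent broadcasts K_a XOR K_b) and that every
key segment is consumed exactly once.
"""
import secrets

KEY_LEN = 32  # bytes of QKD-derived key consumed per pairing (assumption)


def xor_bytes(x: bytes, y: bytes) -> bytes:
    if len(x) != len(y):
        raise ValueError("key segments must be the same length")
    return bytes(p ^ q for p, q in zip(x, y))


def trent_publish_pairing(trent_keys: dict, a: str, b: str) -> bytes:
    """Trent's side: announce K_a XOR K_b on the public channel. Because K_b
    is uniformly random and used once, the broadcast is a one-time pad of
    K_a and tells a passive listener nothing about either key."""
    return xor_bytes(trent_keys[a], trent_keys[b])


def client_derive_peer_key(own_key: bytes, broadcast: bytes) -> bytes:
    """Alice's side: (K_a XOR K_b) XOR K_a = K_b, which Bob already holds."""
    return xor_bytes(broadcast, own_key)


def demo() -> bool:
    # Constructed stand-ins for the segments each client established with
    # Trent over its own fiber link.
    k_alice = secrets.token_bytes(KEY_LEN)
    k_bob = secrets.token_bytes(KEY_LEN)
    trent_keys = {"alice": k_alice, "bob": k_bob}

    broadcast = trent_publish_pairing(trent_keys, "alice", "bob")
    alice_session = client_derive_peer_key(k_alice, broadcast)
    bob_session = k_bob  # by convention the pair uses Bob's segment

    # Retire the consumed segments: reusing one would turn the pad into a
    # repeated-key cipher and leak the XOR of two session keys.
    del trent_keys["alice"], trent_keys["bob"]
    return alice_session == bob_session


if __name__ == "__main__":
    print("clients agree:", demo())
```

Since Trent holds both segments in the clear, the broadcast protects only against outsiders on the public channel; the security of the pairing rests entirely on Trent, which is why the architecture calls it a trusted server.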

The authors clearly worked to miniaturize the hardware involved, and they are already talking about further steps to shrink its size ("an order of magnitude in each dimension") and boost its performance. The Los Alamos team even suggests it might be possible to use their setup for "handheld security," although it's not entirely clear how much value there is in a handheld device that needs to be plugged into a fiber optic cable for security. What's never mentioned, however, is how much it might cost to mass produce the client hardware. Ultimately, that will determine what sort of devices this system will find a home in.

Maybe worth pointing out that the researchers DID NOT use a single-photon source as stated above, but rather a classical light source, a DFB laser highly attenuated to give a mean photon number < 1, resulting in a small probability of multi-photon events. The detectors used here are also far from state-of-the-art, with NIST having superconducting nanowire detectors which put these InGaAs detectors to shame in both efficiency and dark count probability. Long-distance QKD has also been demonstrated many times over, over distances greatly exceeding 50 km.

Using different methods that are not strictly password related is a step that all security companies should be taking. Even if this key does not work to the best of its ability, it will open the door to new ideas and different ways of making secure transactions between users.

This sort of system cannot have repeaters, right? So it only works for two directly connected system? Or is there a way to repeat the photon without disturbing the contents?

I'm not an expert, but I'm pretty sure repeaters exist and work by entangling the incoming photon with the outgoing one. This is all at the quantum level though (the incoming photon isn't measured classically to create the outgoing photon's state).

"it's hard to find two prime numbers when you're only given the big number that they produce when multiplied. Although the growth in computer processing power means we've needed to shift to bigger numbers, we can continue to do so as needed. This leaves eavesdropping as the biggest risk; to secure communication, each partner needs to get a copy of the relevant keys. If someone can break in on the key distribution process, they save themselves the need to do any math."

It's only the RSA public key which has to be distributed. The private key doesn't and can stay where it was generated. It doesn't even have to be generated or used to decrypt random session keys or sign message hashes on a computer with an Internet connection. All that's needed is to keep the private key private, generate the primes securely and randomly enough, and for Bob to know that the public key purporting to be Alice's key really is Alice's and not Eve's. So I'm not sure from this article what problem QKD really solves, unless perhaps Alice and Bob are intending to use shared symmetric secrets as keys, instead of random session keys encrypted using RSA. That might perhaps be because Alice and Bob believe Eve, who works for the NSA or GCHQ, is well enough funded and secretive enough about more advanced quantum computing research than is generally thought possible, so really is capable of running Shor's algorithm on 4096-bit RSA keys on a quantum computer to factor these.

I thought we solved the problem of key exchange a long time ago, that's why SSL and TLS are secure...

I think the problem is that those "standard" forms of key exchange are vulnerable to a wizard who can factor large numbers, whereas QKD is secure against that type of wizard. (I think QKD is resistant to any mathematical wizard, or someone with infinite computing time.) So if/when larger quantum computers become viable, standard key exchange protocols won't work.

"If someone can break in on the key distribution process, they save themselves the need to do any math."

They still need to do SOME math...those messages won't decrypt themselves.

But once you have the encryption key, you can theoretically decrypt the message at the same speed as the actual intended recipient could. If you're listening in on the stream, you just got the encryption key in real time.

Yes, but you'll still need to do the math to decrypt them, even if it's significantly easier math.